The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low-privilege users, such as subscribers, to retrieve sensitive information about other users, such as their email and hashed password.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/85cc39b1-416f-4d23-84c1-fdcbffb0dda0 | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-06-27T13:17:20.907Z
Updated: 2023-06-27T13:17:20.907Z
Reserved: 2023-05-10T09:40:03.919Z
Link: CVE-2023-2623
NVD Information
Status: Modified
Published: 2023-06-27T14:15:10.967
Modified: 2023-11-07T04:12:58.810
Link: CVE-2023-2623
Redhat Information
No data.
CWE
No CWE.